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Abstract 


The  safety,  security,  and  resilience  of  international  postal,  shipping,  and  transportation  critical 
infrastructure  are  vital  to  the  global  supply  chain  that  enables  worldwide  commerce  and  commu¬ 
nications.  But  security  on  an  international  scale  continues  to  fail  in  the  face  of  new  threats.  Own¬ 
ers  and  operators  of  critical  postal,  shipping,  and  transportation  operations  need  new  methods  to 
identify,  assess,  and  mitigate  security  risks  and  gaps  in  the  most  effective  manner  possible.  The 
U.S.  Postal  Inspection  Service,  in  collaboration  with  the  Universal  Postal  Union  (UPU)  and  the 
CERT"  Division  at  Carnegie  Mellon  University’s  Software  Engineering  Institute,  developed  a 
physical  security  assessment  method  to  identify  gaps  in  the  security  of  international  mail  pro¬ 
cessing  centers  and  similar  shipping  and  transportation  processing  facilities.  This  assessment 
method  and  its  associated  field  instrument  are  designed  to  be  repeatable,  cost  effective,  scalable, 
accurate,  meaningful,  and  transparent.  Since  the  method  uses  UPU  standards  as  its  reference,  it 
may  be  used  by  the  international  community  to  evaluate  the  security  of  postal  administrations 
around  the  world.  The  method  also  can  be  applied  to  other  types  of  critical  transportation  services, 
such  as  metropolitan  transit  systems.  This  report  describes  the  history,  development  approach, 
field  experiences,  and  benefits  of  this  method. 
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1  Introduction 


In  October  2010,  two  packages  from  Yemen  containing  explosives  were  discovered  on  U.S.- 
bound  cargo  planes  of  two  of  the  largest  worldwide  shipping  companies,  UPS  and  FedEx  [CNN 
2010,  Perez  2010].  The  visibility  of  this  incident  brought  regulatory  attention  to  a  long-standing 
problem.  The  Wall  Street  Journal  reported,  “International  cargo  shipments  have  for  years  been 
seen  as  a  weak  link  in  anti-terror  efforts.  Lawmakers  have  stressed  the  importance  of  bolstering 
cargo  screening  for  explosives,  but  much  emphasis  has  focused  on  material  loaded  into  passenger 
rather  than  cargo  planes”  [Perez  2010],  In  early  2012,  the  Universal  Postal  Union  (UPU)  and  sev¬ 
eral  stakeholder  organizations  developed  two  security  standards  to  improve  security  in  the 
transport  of  international  mail  and  to  improve  the  security  of  critical  postal  facilities. 

Developers  of  the  standards  recognized  a  need  for  some  means  to  enable  implementation  of  the 
new  standards  and  measure  compliance  to  them.  The  U.S.  Postal  Inspection  Service  (USPIS),  the 
UPU,  and  the  CERT  *  Division  at  Carnegie  Mellon  University’s  Software  Engineering  Institute 
(SEI)  collaborated  to  develop  a  physical  security  assessment  method  and  an  associated  field  in¬ 
strument  based  on  the  UPU  standards. 1  The  method  can  be  used  to  identify  gaps  in  the  security  of 
international  mail  processing  centers  and  similar  shipping  and  transportation  processing  facilities. 
In  this  report,  we  present  the  development  approach,  field  experiences,  benefits,  and  potential  ap¬ 
plications  of  the  method  for  other  types  of  critical  transportation  services. 


CERT  is  a  registered  mark  of  Carnegie  Mellon  University. 
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2  Background 


The  UPU,  headquartered  in  Berne,  Switzerland,  is  a  unit  of  the  United  Nations  that  regulates  the 
postal  services  of  192  member  countries.  These  postal  services  form  the  largest  physical  distribu¬ 
tion  network  in  the  world.  The  Foreword  to  the  Postal  Security  Standards  states,  “More  than  5 
million  postal  employees  working  in  over  660,000  post  offices  all  over  the  world  handle  an  annu¬ 
al  total  of  434  billion  letter-post  items  in  the  domestic  service  and  5.5  billion  in  the  international 
service.  More  than  6  billion  parcels  are  sent  by  post  annually”  [UPU  2013a]. 

The  Postal  Security  Group  (PSG)  of  the  UPU  develops  global  and  regional  security  strategies  to 
assist  postal  operators  in  their  common  security  missions.  As  the  UPU  describes  its  role, 
“Through  training  initiatives,  consulting  missions,  and  prevention  programs,  the  PSG  strives  to 
protect  the  employees  and  assets  of  the  postal  operators  along  with  safeguarding  the  mails  from 
fraud,  theft  and  misuse”  [UPU  2013a].  PSG  members  are  security  experts  from  a  number  of  UPU 
member  countries. 

The  PSG,  together  with  other  UPU  stakeholders,  developed  two  security  standards  in  2012  in  re¬ 
sponse  to  the  attempted  shipment  of  explosives  from  Y emen  [UPU  2011]  and  other  similar  inci¬ 
dents: 

•  S58,  Postal  Security  Standards  -  General  Security  Measures  defines  the  minimum  physical 
and  process  security  requirements  applicable  to  critical  facilities  within  the  postal  network 
[UPU  2013a], 

•  S59,  Postal  Security  Standards  -  Office  of  Exchange  and  International  Airmail  Security  de¬ 
fines  minimum  requirements  for  securing  operations  relating  to  the  transport  of  international 
mail  [UPU  2013b], 

The  UPU  standards  define  mandatory  measures  to  better  screen  and  take  custody  of  international 
mail  and  to  apply  security  requirements  in  critical  facilities,  such  as  international  offices  of  mail 
exchanges,  which  process  arriving  and  departing  international  mail  [UPU  2012].  The  standards 
were  accepted  at  the  25th  Universal  Postal  Congress  in  Doha,  Qatar,  in  September  2012  [UPU 
2013c]. 

2.1  USPIS  Involvement 

For  the  past  17  years,  the  chief  postal  inspector  of  the  USPIS  has  chaired  the  PSG,  and  USPIS 
inspectors  participated  in  the  development  of  S58  and  S59.  The  USPIS  is  the  law  enforcement 
arm  of  the  U.S.  Postal  Service  (USPS).  It  is  the  longest  standing  federal  law  enforcement  agency 
in  the  United  States,  dating  back  to  1772.  The  United  States  is  the  only  country  to  have  a  separate 
and  distinct  postal  inspection  service.  The  USPIS  website  describes  its  mission  and  responsibili¬ 
ties: 


The  mission  of  the  U.S.  Postal  Inspection  Service  is  to  support  and  protect  the  U.S.  Postal 
Service  and  its  employees,  infrastructure,  and  customers;  enforce  the  laws  that  de:fend  the 
nation ’s  mail  system  from  illegal  or  dangerous  use;  and  ensure  public  trust  in  the  mail. 
Through  its  security  and  enforcement  functions,  the  Postal  Inspection  Service  provides  as¬ 
surance  to  American  businesses  for  the  safe  exchange  of  funds  and  securities  through  the 
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U.S.  Mail;  to  postal  customers  of  the  “sanctity  of  the  seal”  in  transmitting  correspondence 
and  messages;  and  to  postal  employees  of  a  safe  work  environment.  [USPIS  2013] 

As  a  member  of  the  PSG,  USPIS  Inspector  in  Charge  Gregory  Crabb  saw  the  need  for  a  simple, 
lightweight  assessment  method  for  detennining  the  capabilities  of  postal  organizations  against  the 
new  standards.  In  a  presentation  to  the  UPU  in  February  2012,  Crabb  proposed  several  objectives 
that  could  be  achieved  through  this  effort  [Gregory  Crabb,  unpublished  data]: 

•  improve  security  practices  (as  participating  organizations  made  whatever  adjustments  the 
assessments  revealed  as  necessary  to  meet  the  standards) 

•  demonstrate  assessed  organizations’  capabilities  to  regulators  (the  European  Commission, 
the  International  Air  Transport  Association,  the  International  Civil  Aviation  Organization, 
the  World  Customs  Organization,  and  internal  and  external  governance  bodies) 

•  assess  security  suppliers 

•  have  the  PSG  serve  as  the  independent  validator  for  the  European  Commission 

2.2  Collaboration  with  the  CERT  Division 

Since  2011,  the  USPIS  has  collaborated  with  the  SEI’s  CERT  Division  to  improve  the  resilience 
of  selected  USPS  products  and  services.  This  collaboration  has  included  projects  dealing  with 
incident  response,  export  screening,  authentication  services,  physical  security  and  aviation  screen¬ 
ing  for  international  mail,  Express  Mail  revenue  assurance,  and  development  of  mail-specific  re¬ 
silience  management  practices  for  mail  induction,  transportation,  delivery,  and  revenue  assurance. 

The  CERT  Division  is  the  largest  technical  program  at  the  SEI,  a  federally  funded  research  and 
development  center  sponsored  by  the  U.S.  Department  of  Defense  and  operated  by  Carnegie 
Mellon  University.  CERT  staff  conduct  research  and  development  in  internet  security,  secure  sys¬ 
tems,  operational  resilience,  and  coordinated  response  to  security  incidents. 

Much  of  the  USPIS  work  with  the  CERT  Division  related  to  the  CERT  Resilience  Management 
Model  (CERT-RMM),  a  capability-focused  maturity  model  for  improving  an  organization’s  man¬ 
agement  of  operational  resilience  activities  across  the  domains  of  security  management,  business 
continuity  management,  and  aspects  of  information  technology  operations  management.  Crabb 
asked  the  CERT  Division  to  develop  an  assessment  method  for  the  UPU  standards  based  on  the 
CERT-RMM  assessment  method  and  process,  along  with  a  companion  field  instrument  with  au¬ 
tomated  features. 

These  were  the  design  criteria  for  the  method  and  the  instrument: 

•  repeatable:  The  method  can  be  used  consistently  by  different  independent  teams  in  the  same 
situation  to  acquire  the  same  results. 

•  cost  effective  and  scalable:  The  method  is  economical  and  functional  for  all  locations,  re¬ 
gardless  of  size  or  capability. 

•  accurate:  The  method  is  evidence-based  and  derived  from  international  standards  so  that  re¬ 
sults  can  be  relied  on  by  the  international  community  (e.g.,  UPU,  International  Civil  Avia¬ 
tion  Organization,  International  Air  Transport  Association,  Transportation  Security 
Administration,  and  World  Customs  Organization). 
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•  meaningful:  The  method  generates  results  that  can  easily  be  acted  on  by  owners  and  opera¬ 
tors  of  the  assessed  processing  facilities. 

•  transparent:  The  method  is  publicly  available  and  can  be  used  for  self-assessment. 

The  method  was  designed  to  allow  assessed  postal  organizations  to  gain  insight  into  their  capa¬ 
bilities  by  identifying  the  strengths  and  weaknesses  of  their  current  security  practices.  Assessment 
results  could  also  identify  risks  and  inform  the  prioritization  of  security  improvements. 
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3  Method  Development  and  Description 


USPIS  and  CERT  staff  held  several  work  sessions  in  January  and  February  2012  to  develop  the 
first  version  of  the  method  and  instrument  for  piloting  in  February.  The  S58  and  S59  postal  secu¬ 
rity  standards  served  as  the  requirements  for  the  method  and  were  annotated  to  facilitate  the  for¬ 
mulation  of  assessment  questions.  The  team  continued  to  develop  and  improve  the  method  based 
on  pilot  assessments  in  three  locations  worldwide.  The  method  and  field  instrument  were  released 
for  public  use  in  September  2012,  and  a  number  of  additional  locations  have  applied  them  since 
then.  Updates  to  the  method  require  UPU  approval. 

As  depicted  in  Figure  1,  the  method  defines  three  phases  for  conducting  the  assessment: 

•  Preparation:  Analyze  requirements,  develop  an  assessment  plan,  select  and  prepare  the  as¬ 
sessment  team,  send  and  receive  the  pre-assessment  questionnaire,  obtain  and  inventory  ob¬ 
jective  evidence,  and  prepare  for  the  conduct  of  the  assessment  (initial  site  visit  and 
logistics). 

•  On-site:  Prepare  participants,  conduct  interviews,  examine  objective  evidence,  document 
objective  evidence,  verify  objective  evidence,  perform  characterizations  and  ratings,  formu¬ 
late  and  validate  preliminary  findings,  generate  the  final  results  of  the  assessment,  and  identi¬ 
fy  improvements  to  the  method  and  the  standards. 

•  Reporting:  Deliver  assessment  results  to  sponsors  and  key  stakeholders,  and  preserve  and 
archive  assessment  results. 


^)>  Preparation 


On-site 


Reporting 


•  Scheduling 

•  Pre-assessment 
questionnaire 

•  Initial  site  visit 

•  Logistics 

-  Interpreter 

-  Access 

-  Camera  permission 

-  Preparation  of  paper- 
based  instrument 


•  Interviews  •  Report  production 

•  Observations  •  Report  delivery 

-  Inspections  •  Follow-up  items 

-  Document  reviews  .  Archiving 
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•  Ratings 

•  Preliminary  findings 

•  Method  and  standard 
improvement 
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Figure  1:  Phases  of  the  Method 


The  assessment  method  contains  a  series  of  questions  based  on  the  requirements  in  the  S58  and 
S59  standards  (refer  to  Table  1  for  examples)  [UPU  2013c].  The  method  also  defines  the  evidence 
requirements  for  each  section  of  the  standards.  The  team  conducting  the  assessment  must  see  doc¬ 
umented  artifacts  or  receive  oral  and  written  statements  and  affirmations  confirming  or  supporting 
implementation  (or  lack  of  implementation)  of  a  practice.  If  there  are  specific  weaknesses  in  im¬ 
plementation,  team  members  record  them  on  their  assessment  worksheets.  For  example,  a  weak- 


CMU/SEI-201 3-TN-033  |  5 


ness  in  implementation  of  S58  Section  5.1.1,  Risk  Assessment  and  Facility  Security  Plans,  might 
be  that  the  facility’s  security  plan  covers  general  lighting  requirements  but  not  interior  emergency 
lighting. 


Table  1:  S58  Requirements  and  Assessment  Questions 


S58 

Section 

S58  Requirement 

Assessment  Question 

5.1.1 

“An  annual  risk  assessment  must  be  conducted  to 
identify  each  critical  facility.  The  assessment  shall 
take  into  consideration  the  postal  assets  and  opera¬ 
tions  at  the  facility,  the  general  crime  rate  of  the  are¬ 
as  and  other  contributing  factors  that  increase  the 
likelihood  of  criminal  incidents”  [UPU  2013a], 

Do  you  conduct  an  annual  risk  assessment  for 
each  critical  facility?  If  so,  would  you  please 
provide  two  recent  risk  assessment  reports  for 
review? 

Does  the  risk  assessment  report  consider  the 
postal  assets  and  operations  at  the  facility,  the 
general  crime  rate  of  the  area,  and  other  con¬ 
tributing  factors  that  increase  the  likelihood  of 
criminal  incidents? 

5.2.2 

“A  visitor  registration  system  shall  be  implemented  to 
record  entries  of  non-employees  into  secure  areas  of 
the  critical  facility”  [UPU  2013a], 

Are  visitors  provided  with  identification  badges 
so  they  can  be  positively  identified  when  en¬ 
tering  secure  areas? 

6.2 

“A  termination  process  must  be  documented  for  em¬ 
ployees  and  contractors.  The  termination  process 
ensures]  the  timely  return  of  identification  docu¬ 
ments,  access  control  devices,  keys,  uniforms  and 
other  sensitive  information.  A  record  system  must  be 
maintained  to  prevent  rehiring  of  terminated  employ¬ 
ees  or  contractors”  [UPU  2013a], 

Do  you  have  a  documented  termination  pro¬ 
cess?  If  yes,  please  share  the  documentation. 
Does  the  termination  process  ensure  the  time¬ 
ly  return  of  identification  documents,  access- 
control  devices,  keys,  uniforms,  and  other 
sensitive  information? 

Do  you  have  a  record  system  to  prevent  rehir¬ 
ing  employees  or  contractors  who  have  been 
terminated  for  cause? 

7 

“After  screening  or  the  application  of  other  security 
controls,  mail  shall  be  accounted  for  and  protected 
from  unauthorized  interference  prior  to  loading  on  an 
aircraft  or  secure  exchange  with  the  carrier,  ground 
handling  agent  or  other  contractor”  [UPU  2013a], 

After  security  controls  have  been  applied,  how 
is  mail  accounted  for  and  protected  from  unau¬ 
thorized  interference  prior  to  loading  on  an 
aircraft  or  secure  exchange  with  the  carrier, 
ground  handling  agent,  or  other  contractor? 

The  assessment  team  considers  the  results  of  interviews  and  the  other  evidence  collected  to  reach 

a  consensus  on  subsection  characterizations  and  section  ratings. 

Subsections  are  characterized  using  the  FILIP  INI  scale  and  mles  (see  Figure  2): 

•  Fully  Implemented  (FI):  One  or  more  direct  artifacts  are  present  and  judged  to  be  acceptable; 
at  least  one  indirect  artifact  or  affirmation  exists  to  confirm  the  implementation;  and  no 
weaknesses  are  noted. 

•  Largely  Implemented  (LI):  One  or  more  direct  artifacts  are  present  and  judged  to  be  ade¬ 
quate;  at  least  one  indirect  artifact  or  affirmation  exists  to  confirm  the  implementation;  and 
one  or  more  weaknesses  are  noted. 

•  Partially  Implemented  (PI):  Direct  artifacts  are  absent  or  judged  to  be  inadequate;  one  or 
more  indirect  artifacts  or  affirmations  suggest  that  some  aspects  of  the  practice  are  imple¬ 
mented;  and  one  or  more  weaknesses  are  noted.  Alternatively,  one  or  more  direct  artifacts 
are  present  and  judged  to  be  adequate;  no  other  evidence  (indirect  artifacts,  affirmations) 
supports  the  direct  artifact(s);  and  one  or  more  weaknesses  are  noted. 

•  Not  Implemented  (NI):  Direct  artifacts  are  absent  or  judged  to  be  inadequate;  no  other  evi¬ 
dence  (indirect  artifacts,  affirmations)  supports  the  practice  implementation;  and  one  or  more 
weaknesses  are  noted. 
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•  Not  Applicable  (NA):  The  standard  section  does  not  apply  (e.g.,  in  the  S58  standard.  Section 
6.2,  “Contractor  Security  Requirements,”  applies  only  to  organizations  that  use  contractors 
for  mail  handling/transport  operations  or  other  sensitive  functions). 

Sections  are  rated  more  simply,  since  the  goal  of  the  assessment  is  essentially  to  arrive  at  a  “Yes” 

or  “No”  judgment  for  each  set  of  practices  that  constitute  a  section: 

•  Satisfied:  All  associated  practices  are  characterized  as  FI,  LI,  or  Not  Applicable,  with  at  least 
one  practice  characterized  as  FI  or  LI;  and  the  aggregation  of  weaknesses  does  not  have  a 
significant  negative  impact  on  goal  achievement. 

•  Not  Applicable:  All  practices  are  characterized  as  Not  Applicable. 

•  Not  Satisfied:  All  other  cases  (i.e.,  the  rules  for  Satisfied  [S]  and  Not  Applicable  [NA]  are 
not  met). 


Figure  2:  Steps  in  Compliance  Determination 

The  assessment  team  repeats  the  on-site  process  for  all  subsections  of  the  standard,  as  shown  in 
Figure  3,  beginning  with  “Conduct  Interviews.”  The  assessment  team  then  creates  a  heat  map  of 
the  results,  as  shown  in  Figure  4.  To  satisfy  the  standard,  all  section-level  ratings  for  the  facility 
must  be  Satisfied  or  Not  Applicable. 
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Figure  3:  On-site  Process  of  Collecting  Evidence  and  Reaching  Consensus  on  Characterizations  and 
Ratings 


Subsection 

characterizations 


Subsections 
were  added  to 
facilitate  the 
assessment 


Section  ratings 


Figure  4:  Sample  Heat  Map  of  Assessment  Results 


Note:  FI  =  Fully  Implemented;  LI  =  Largely  Implemented;  PI  =  Partially  Implemented;  Nl  =  Not  Imple¬ 
mented;  S  =  Satisfied;  NS  =  Not  Satisfied. 


CMU/SEI-2013-TN-033  |  8 


4  Field  Experiences 


In  February  2012,  USPIS  staff  conducted  the  first  pilot  assessments  using  the  new  method  with 
draft  versions  of  S58  and  S59.  The  USPIS  continued  to  conduct  assessments  and  work  with 
CERT  staff  to  improve  the  method  throughout  2012.  CERT  staff  also  recommended  some  im¬ 
provements  to  the  content  of  the  standards  to  the  UPU. 

As  a  result  of  one  assessment,  the  country  postmaster  general  closed  down  the  facility  where  in¬ 
ternational  mail  was  being  dispatched  and  moved  operations  to  a  new  facility  with  improved  secu¬ 
rity  controls  and  conformance  with  UPU  standards.  Other  reviews  have  shown  that  postal 
administrations  largely  confonn  to  UPU  standards  and  that  having  the  specific  feedback  of  as¬ 
sessment  results  encourages  them  to  make  the  minor  improvements  needed  to  ensure  full  compli¬ 
ance. 

One  consistent  finding  highlighted  the  effectiveness  of  the  method  for  producing  accurate  assess¬ 
ments.  The  S58  standard  requires  a  single,  written  security  plan  for  critical  facilities.  Each  pilot 
location  had  a  security  plan,  but  it  did  not  contain  all  the  elements  that  the  standard  requires.  But 
in  following  the  method’s  evidence-discovery  procedures,  the  assessment  team  found  the  missing 
elements  in  other  documents,  such  as  maintenance  plans. 

The  S58  standard  requires  that  access  control  systems  be  used  for  employees,  visitors,  service 
providers,  and  vendors  of  critical  facilities  but  does  not  specify  any  particular  system.  At  all  loca¬ 
tions  examined  in  the  pilots,  the  assessment  team  found  some  failing  in  this  requirement.  But 
many  postal  organizations  operate  at  a  deficit,  so  the  team  tailored  its  compliance  recommenda¬ 
tions  to  each  organization’s  fiscal  realities. 

None  of  the  pilot  locations  had  plans  for  crisis  planning  and  business  continuity.  However,  em¬ 
ployees  generally  knew  what  to  do  in  crisis  situations,  so  the  postal  administrations  had  only  to 
document  that  knowledge  to  reach  compliance. 

All  of  the  pilot  locations  have  asked  to  be  reassessed  after  making  the  improvements  recommend¬ 
ed  in  their  initial  assessments. 

4.1  Benefits 

Based  on  field  reports  and  assessment  results,  participating  postal  organizations  have  realized  the 
following  benefits: 

•  gained  insight  into  their  capability  by  identifying  the  strengths  and  weaknesses  of  current 
security  practices 

•  achieved  recognition  as  having  a  strong  security  posture  by  the  International  Civil  Aviation 
Organization,  World  Customs  Organization,  and  supply  chain  partners  that  rely  on  postal 
services  for  moving  goods 

•  obtained  guidance  to  prioritize  security-related  improvement  plans 

•  received  feedback  on  the  maturity  level  of  the  organization’s  security  program 

•  were  able  to  better  identify  and  prioritize  security  risks 
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5  Conclusion 


Pilot  organizations  have  shown  that  using  a  structured,  scripted  assessment  instrument  is  an  effec¬ 
tive  way  to  assess  compliance  with  the  UPU  postal  security  standards.  The  USPIS  and  other  post¬ 
al  sector  organizations  continue  to  use  the  assessment  method  today  to  achieve  initial  results  and 
assess  progress  made  after  implementing  improvements.  In  2014,  the  method  will  be  provided  to 
civil  aviation  authorities,  who  will  use  it  primarily  to  assess  the  perfonnance  of  postal  administra¬ 
tions  in  meeting  the  screening  and  other  international  airmail  security  standards  of  S59. 

The  method  can  be  tailored  and  applied  to  other  types  of  critical  transportation  services,  including 
those  that  move  people  (such  as  metropolitan  area  transit  systems)  and  goods  by  air,  ground,  and 
sea,  and  to  other  safety  and  security  standards.  It  can  thus  serve  as  a  practical  and  lightweight  way 
to  implement  and  measure  compliance  to  standards  for  ensuring  the  safety,  security,  and  resilien¬ 
cy  of  international  postal,  shipping,  and  transportation  infrastructure. 


CMU/SEI-201 3-TN-033  |  10 


References 


URLs  are  valid  as  of  the  publication  date  of  this  document. 

[CNN  2010] 

CNN  Wire  Staff.  “Yemen-Based  al  Qaeda  Group  Claims  Responsibility  for  Parcel  Bomb  Plot.” 
CNN  International  Edition ,  November  6,  2010. 

http://edition.cnn.com/20 1 0/WORLD/meast/1  l/05/yemen.security.concem/?hpt=T2http://www.n 
pr.org/templates/story/story.php?storyId=l  30935022 

[Perez  2010] 

Perez,  E.;  Entous,  A.;  &  Coker,  M.  “Yemeni  Bombs  Target  U.S.”  Wall  Street  Journal,  October 
29,2010. 

http://online.wsj.com/article/SB10001424052702303284604575582273576079534.html7KEYW 
ORDS=Y  emen+Air+Cargo+Incident 

[UPU  2011] 

Universal  Postal  Union.  “UPU  to  Develop  Global  Postal  Security  Standards.”  25th  Universal 
Postal  Congress,  April  18,  2011.  http://dohacongress.upu.int/home/singel-news/article/upu-to- 
develop-global-postal-security-standards 

[UPU  2012] 

Universal  Postal  Union.  “Progress  Made  on  New  Postal  Security  Standards.”  UPU  News,  March 
8,2012.  http ://ne ws .upu. int/nd/progress-made-on-new-postal-security-standards 

[UPU  2013a] 

Universal  Postal  Union.  Postal  Security  Standards:  General  Security  Measures  (S58).  UPU,  July 
2013.  http://www.upu.int/uploads/tx_sbdownloader/standardS58PostalSecurityEn.pdf 

[UPU  2013b] 

Universal  Postal  Union.  Postal  Security  Standards:  Office  of  Exchange  and  International  Airmail 
Security  (S59-1).  UPU,  July  2013. 

http://www.upu.int/uploads/tx_sbdownloader/standardS58PostalSecurityEn.pdf 

[UPU  2013c] 

Universal  Postal  Union.  Postal  Security  Standards.  UPU,  2013. 
http://www.upu.int/en/activities/postal-security/security-standards.html 

[USPIS  2013] 

U.S.  Postal  Inspection  Service.  Mission.  USPIS,  2013. 
https://postalinspectors.uspis.gov/aboutus/mission.aspx 


CMU/SEI-201 3-TN-033  |  11 


CMU/SEI-201 3-TN-033  |  12 


REPORT  DOCUMENTATION  PAGE 

Form  Approved 

OMB  No.  0704-0188 

Public  reporting  burden  for  this  collection  of  information  is  estimated  to  average  1  hour  per  response,  including  the  time  for  reviewing  instructions,  search¬ 
ing  existing  data  sources,  gathering  and  maintaining  the  data  needed,  and  completing  and  reviewing  the  collection  of  information.  Send  comments  regard¬ 
ing  this  burden  estimate  or  any  other  aspect  of  this  collection  of  information,  including  suggestions  for  reducing  this  burden,  to  Washington  Headquarters 
Services,  Directorate  for  information  Operations  and  Reports,  1215  Jefferson  Davis  Highway,  Suite  1204,  Arlington,  VA  22202-4302,  and  to  the  Office  of 
Management  and  Budget,  Paperwork  Reduction  Project  (0704-0188),  Washington,  DC  20503. 

1.  AGENCY  USE  ONLY 

(Leave  Blank) 

2.  REPORT  DATE 

January  2014 

3.  REPORT  TYPE  AND  DATES 

COVERED 

Final 

4.  TITLE  AND  SUBTITLE 

A  Proven  Method  for  Identifying  Security  Gaps  in  International  Postal  and  Transportation 

Critical  Infrastructure 

5.  FUNDING  NUMBERS 

FA8721-05-C-0003 

6.  AUTHOR(S) 

Gregory Crabb.J  ulia  H.  Allen,  Pamela  D.  Curtis,  and  Nader Mehravari 

7.  PERFORIVING  ORGAMZATION  NAIVE(S)  AND  ADDRESS(ES) 

Software  Engineering  Institute 

Carnegie  Mellon  University 

Pittsburgh,  PA  15213 

8 .  PERFORMING  ORGAMZATION 

REPORT  NUMBER 

C  M  U/S  E 1-2013-TN  -033 

9.  SPONSOR!  NG'MIOMT ORI NG  AGENCY  NAIVE(S)  AND  ADDRESS(ES) 

AFLCMC/PZE/Hanscom 

E  nterprise  Acquisition  Division 

20  Schilling  Circle 

Building  1305 

Hanscom  AFB,  MA  01731-2116 

10.  SPONSORING/MIOMTORING 

AGENCY  REPORT  NUMBER 

n/a 

11.  SUPPLEMENTARY  NOTES 

12a  DISTRIBimON'AVAILABIUTY  STATEMENT 

Unclassified/Unlimited,  DTIC,  NTIS 

12B  DISTRIBUTION  CODE 

13.  ABSTRACT  (MAXIMUM  200  WORDS) 

The  safety,  security,  and  resilience  of  international  postal,  shipping,  and  transportation  critical  infrastructure  are  vital  to  the  global  supply 
chain  that  enables  worldwide  commerce  and  communications.  But  security  on  an  international  scale  continues  to  fail  in  the  face  of  new 
threats.  Owners  and  operators  of  critical  postal,  shipping,  and  transportation  operations  need  new  methods  to  identify,  assess,  and  miti¬ 
gate  security  risks  and  gaps  in  the  most  effective  manner  possible.  The  U.S.  Postal  Inspection  Service,  in  collaboration  with  the  Univer¬ 
sal  Postal  Union  (UPU)  and  the  C E RT®  Division  atCarnegie  Mellon  University's  Software  Engineering  Institute,  developed  a  physical 
security  assessment  method  to  identify  gaps  in  the  security  of  international  mail  processing  centers  and  similar  shipping  and  transporta¬ 
tion  processing  facilities.  This  assessment  method  and  its  associated  field  instrument  are  designed  to  be  repeatable,  cost  effective,  scal¬ 
able,  accurate,  meaningful,  and  transparent.  Since  the  method  uses  UPU  standards  as  its  reference,  it  may  be  used  by  the  international 
community  to  evaluate  the  security  of  postal  administrations  around  the  world.  The  method  also  can  be  applied  to  other  types  of  critical 
transportation  services,  such  as  metropolitan  transit  systems.  This  report  describes  the  history,  development  approach,  field  experienc¬ 
es,  and  benefits  of  this  method. 

14.  SUBJECT  TERMS  15.  NUMBER  OF  PACES 

international  shipping  security,  international  transportation  security,  international  mail  security,  25 

risk  assessment,  risk  mitigation,  UPU  standards,  CERT-RMM,  resilience  management 

16.  PRICE  CODE 

17.  SEOJRITY  CLASSIFICATION  OF  18.  SEOJRITY  CLASSIFICATION  19.  SECURITY  CLASSIFICATION  20.  LIMITATION  OF 

REPORT  OF  THIS  PAGE  OF  ABSTRACT  ABSTRACT 

Unclassified  Unclassified  Unclassified  UL 


NSN  7540-01-280-5500 


Standard  Form  298  (Rev.  2-89)  Prescribed  by  ANSI  Std.  Z39-18 
298-102 


